Error in creating google datalab instance
I'm trying to follow the Datalab: Notebook in the Cloud video , and when executing the datalab create ai-adventures command, I encountered this error.
ERROR: (gcloud.compute.instances.create) Could not fetch resource:
- The user does not have access to service account '*@compute-system.iam.gserviceaccount.com'. User: '*@gmail.com'. Ask a project owner to grant you the iam.serviceAccountUser role on the service account
Few things to note;
- I'm the project owners.
- I've tried to create a new service account
tutorial@*.iam.gserviceaccount.comand that didn't work.
Any advice would be greatly appreciated!
Edit 1
Below is the information, as you can see when checking through gcloud auth list directive, I'm the owner, yet it tells me that I don't have access.
~ ⌚ 18:40:34
$ datalab create ai-adventures-3 --machine-type=n1-standard-4 --zone=us-central1-b
Creating the disk ai-adventures-3-pd
Creating the instance ai-adventures-3
ERROR: (gcloud.compute.instances.create) Could not fetch resource:
- The user does not have access to service account 'service-510602609611@compute-system.iam.gserviceaccount.com'. User: 'XXX@gmail.com'. Ask a project owner to grant you the iam.serviceAccountUser role on the service account
A nested call to gcloud failed, use --verbosity=debug for more info.
~ ⌚ 15:02:59
$ gcloud auth list
Credentialed Accounts
ACTIVE ACCOUNT
* XXX@gmail.com
AAA@gmail.com
To set the active account, run:
$ gcloud config set account `ACCOUNT`
~ ⌚ 15:03:45
$
I tried to reproduce your error in my own project using different ways to connect to it, with different users and accounts services.
And I found something that may help you.
- First, I created a new VMInstance with OS
debian-9-drawfork-v20200207. - I logged in to this new instance through SSH
- But when I attempted to create this datalab instance with the command
datalab create --verbosity=debug example-datalab-2 --machine-type n1-standard-1
I received an error.
- Then I send the following command
gcloud auth list
And I received something like:
Credentialed Accounts
ACTIVE ACCOUNT
* XXXXX@developer.gserviceaccount.com
To set the active account, run:
$ gcloud config set account `ACCOUNT`
It means that if I tried to create the new datalab instance with this Account Service, but this account doesn’t have the roles to create the notebook instance.
Then I changed the user with
gcloud auth logincommand to an account with the owner role and re-ran thedatalab createcommand and it worked.To corroborate that it is working well I used the command
datalab connect example-datalab-2
And I received something like
Connecting to example-datalab-2.
This will create an SSH tunnel and may prompt you to create an rsa key pair. To manage these keys, see https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
Waiting for Datalab to be reachable at http://localhost:8081/
This tool needs to create the directory [/home/directory/.ssh] before
being able to generate SSH keys.
Do you want to continue (Y/n)? y
Generating public/private rsa key pair.
.
.
.
Updating project ssh metadata...done.
Waiting for SSH key to propagate.
The connection to Datalab is now open and will remain until this command is killed.
Click on the *Web Preview* (square button at top-right), select *Change port > Port 8081*, and start using Datalab.
Then If I access to http://localhost:8081/ I can see:
It is worth mentioning that I received another error message at my first attempt
ERROR: (gcloud.source.repos.list) User [user@example.com] does not have permission to access project [myproject] (or it may not exist): Cloud Source Repositories API has not been used in project xxxxxxxx before or it is disabled.
I fixed this issue enabling the service with the command
gcloud beta services enable sourcerepo.googleapis.com
On the other hand, in order that you can troubleshoot this issue more accurately , I recommend to re-run the command with the following debug flag to help diagnose the problem:
datalab create --verbosity=debug datalab-instance-name
Also, I have found 2 guides that can help you with your task:
Quickstart guide that shows you how to use the datalab command line tool to set up and open Google Cloud Datalab.
I hope you find this information useful.
Edit 1
Regarding the Service Account you mentioned tutorial@*.iam.gserviceaccount.com, I’ve found the following document where it says that you can use a service account instead of the default service account to create your datalab, but you need to add the following roles:
roles/compute.instanceAdmin.v1
roles/iam.serviceAccountUser
So, please check if your SA has these roles and then you can run the same command + --service-account something like:
datalab create ai-adventures --service-account=tutorial@*.iam.gserviceaccount.com
You could see more information in the following link.
This question is more interesting than I thought and I’ve encountered several issues using Datalab, we could take in consideration that the video you mentioned has been posted on Jan 11, 2018 and as Google Cloud Platform is evolving very fast, something that could work on that date could completely change 2 years later.
With this, I recommend you to use the AI Platform Notebooks page since it has similar features as Datalab, and according with the following documentation it was released as Generally Available on March 31st, 2020.
Upon trying it out, it seems that it could fit your use case and it also has capabilities to connect to Bigquery through the use of the R notebook.
- gcloud SSH in same terminal window
- Cannot enable API on GCP (User role=Owner && Billing account is linked)
- Select All Columns Except Some in Google BigQuery?
- Why does my flex env google app engine instance have a minimum of 2 instances running, even when there is no traffic?
- How Does GCP Global Application Load Balancer Select the Closest Backend?
- How to use Google Search Grounding with Dynamic Retrieval Configuration
- Google Stackdriver Logging add comments to advanced filter
- Exporting from Cloud SQL to CSV with column headers
- BigQuery Date-Partitioned Views
- Check TPU workload/utilization
- Google Forms API raises google.auth.exceptions.RefreshError: 'No access token in response.'
- Google App Engine slow cold boot time (Flask app)
- How can I see request count (not rate) for a Google Cloud Run application?
- I can write to my Firebase Firestore database, but am unable to read from it (Android Studio using Java)
- How to get task count in GCP cloud task
- Programmatically get current Service Account on GCP
- How to Access GKE Private Master from VPN in Hub VPC with Peering
- My gcp service account with "artifact registry admin" account was not able to push the docker image to repo
- GCP API Gateway: Cannot use path params
- Flask api on gcloud's URL keeps on loading
- GCP CloudBuild substitution fails in pipeline
- Is it secure to use an .env file to store API keys in Firebase Cloud Functions instead of Google Secret Manager?
- How do I keep a long-running background task from stopping on Google Cloud Run?
- GCP Cloud SQL Proxy times out: connectex
- How to automatically back up and version BigQuery code such as stored procs?
- BigQuery Policy Tags: possible as infra as code?
- How to use GCP Translation API to process a table in BigQuery?
- How to enable DML statements on BigTable via BigQuery?
- ScikitLearn model giving 'LocalOutlierFactor' object has no attribute 'predict' Error
- Error: 10: Developer console is not set up correctly (Not Using Firebase) (One Tap sign-up)